issue-fields-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes user-generated GitHub content (e.g., repository labels via gh label list -R {owner}/{repo}, issues via gh issue list ..., and project items via mcp__github__projects_list(... method: "list_project_items") as shown in SKILL.md), and the agent reads and acts on that untrusted third-party content to determine mappings and perform writes, so it could enable indirect prompt injection.